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■ Abstract. Given two pushdown systems, the bisimilarity problem asks whether they are 

^SJ , bisimilar. While this problem is known to be decidable our main result states that it is 

nonelementary, improving EXPTIME-hardness, which was the previously best known lower 
O ' bound for this problem. Our lower bound result holds for normed pushdown systems as well. 
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1 Introduction 

A central problem in theoretical computer science is to decide whether two machines or systems 
behave equivalently. While being generally undecidable for Turing machines, a lot of research has 
been devoted to find subclassses of machine devices for which this problem becomes decidable. 
^ ■ Equivalence checking is the problem of determining whether two systems are semantically identical. 

It is well-known that even language equivalence of pushdown automata is undecidable, in fact 
already their universality is undecidable. On the positive side, a celebrated result due to Senizergues 
states that language equivalence of deterministic pushdown automata is decidable [13]. The best 
known upper bound for the latter problem is a tower of exponentials [15] (see [4] for a more recent 
QQ , proof), while only hardness of deterministic polynomial time is known to date. 

• Among the numerous notions of equivalence [18] in the realm of formal verification and con- 

I currency theory, the central one is hisimulation equivalence {bisimilarity for short), which enjoys 

■ pleasant mathematical properties. It can be seen to take the king role: There are important char- 
acterizations the bisimulation-invariant fragments of first-order logic and of monadic second-order 

04 ■ logic in terms of modal logic [17] and of the modal /i-calculus [5], respectively. In particular, bisim- 

ilarity is a fundamental notion for process algebraic formalisms [11]. As a result, a great deal of 
research in the analysis of infinite-state systems (such as pushdown systems or Petri nets) has been 
_ devoted to deciding bisimilarity of two given processes, see e.g. [10] for a comprehensive overview. 

■ A milestone result in this context has been proven by Senizergues: Bisimilarity on pushdown 
\ systems (i.e. transition systems induced by pushdown automata without e-transitions) is decidable 

[14] ; in fact, in [14] bisimilarity is proven to be decidable for the more general class of equational 
graphs of finite out-degree. Since pushdown systems can be viewed as an abstraction of the call- 
and-return behavior of a recursive program, the latter decidability result should be read as that 
one can decide equivalence of recursive programs in terms of their visible behavior. Concerning 
decidability the latter result can in some sense be considered as best possible since on the slightly 
more general classes of type -la and type -lb rewrite systems [7] and order-two pushdown graphs 
[2] bisimilarity becomes undecidable. 

Though being decidable, Senizergues' algorithm for deciding bisimilarity of pushdown systems 
consists of two semi-decision procedures and in fact no complexity-theoretic upper bound is known 
for this problem to date. On the other hand, the best known lower bound for this problem is 
EXPTIME shown by Kucera and Mayr[9]. In [8] EXPTIME-hardness has been even be established 
even for the subclass basic process algebras, for which a 2 EXPTIME upper bound is known [3]. 
Such complexity gaps are typical in the context of infinite-state systems. 

In fact, in case decidability is known, the precise computational complexity status of bisimilarity 
on infinite-state systems is known only for few classes, let us mention basic parallel processes 
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(communication-free Petri nets) [6] and one-counter systems (the transition systems induced by 
pushdown automata over a singleton stack alphabet) [1] . 

Our contribution. The main result of this paper states that bisimilarity of (systems induced 
by) pushdown systems is nonelementary, even in the normed case. We give small descriptions of 
pushdown systems on which a bisimulation game is implemented that allows to push and verify 
encodings of nonclementarily big counters a la Stockmcyer [16]. As an important technical tool we 
realize deterministic verification phases in the bisimulation game by simulating non-erasing real- 
time transducers that are fed with the stack content. As basic gadgets, we use the well-established 
technique of Defender's Forcing [7]. We are optimistic that our technique gives new insights for 
potential further lower bounds for bisimilarity of PA processes, regularity for pushdown systems, 
and weak bisimilarity of basic process algebras. 

Organisation. 

In Section 2 we introduce preliminaries. In Section 3 we recall basics on transductions, introduce 
useful abbreviations for pushdown rules and recall Defender's forcing. Section 4 consists of our 
nonelementary lower bound proof for bisimilarity of pushdown systems. 

2 Preliminaries 

By N '= {0, 1, . . .} we denote the set of non-negative integers. For n,m € N with we write [n, m] 
for {n, n+ 1, . . . , m}; in particular note that [n, m] = if n > to. 

A labelled transition system (LTS) is a tuple S = {S,Act, {-^ | a e Act}), where 5 is a set of 
configurations, Act is a finite set of action labels, and C S x 5 is a transition relation for each 
a G Act. We say that a state s € S is a, deadlock if there is no f G 5 and no a G Act such that 
s A t. A binary relation R C S x S is a bisimulation if for each (s, s') G R and each a G Act, we 
have: (1) if s A- then there is some s' ^ t' with {t,t') G R and, conversely, (2) if s' A- f, then 
there is some s A t with (t, t') £ R. We write s ^ t is there is some bisimulation R with (s, t) G R. 
Although not explicitly used in this paper, it is sometimes convenient to view bisimilarity as a 
game between Attacker and Defender. In every round of the game, there is a pebble placed on a 
unique state in each transition system. Attacker then chooses one transition system and moves 
the pebble from the pebbled state to one of its successors by an action — >, where a is some action 
label. Defender must imitate this by moving the pebbled state from the other system to one of its 
successors by the same action If one player cannot move, then the other player wins. Defender 
wins every infinite game. Two states s and t arc bisimilar if and only if Defender has a winning 
strategy on the game with initial pebble configuration {s,t). 

A pushdown automaton (PDA j is a tuple V = {Q, F, Act, ^), where Q is a finite set of control 
states, -T is a finite set of stack symbols. Act is a finite set of actions, and ^ C (Q x {e} x Act x 
Q X {s}) U (Q X {e} X Act xQxr)[J{Qxrx Act xQx {s}) is a finite set of internal rules, push 

rules, and pop rules, respectively. The size of V is defined as \V\ =' \r\ + \Act\ + |^|. We write 

qv A q'w to mean {q, v, a, q' , w) G Such a PDA V induces an LTS S{'P) =^ [Q x F* ,Act, {-^ | 

a G Act}), where A Uxer*{(9''^^' (I'wx) \ qv "A q'w} for each a G Act We will abbreviate each 
configuration [q, w) in <S('P) by qw; in particular the configuration [q, e) will be denoted by just q. 

Given a PDA V = {Q,F,Act,^), qi,q2 G Q and wi,W2 G F* the PDA bisimilarity problem 
asks whether qiwi ^ q2W2 holds in S{V). In this paper we prove the following theorem: 

Theorem 1. PDA bisimilarity is nonelementary. 

3 Techniques 
3.1 Large Counters 

For each £,n > we define Tower(€, n) inductively as Tower(0,n) =^ n and Tower(^ + l,n) =^ 
2Tower(€,n)_ 4£f |q^^ -|^^| alphabets whose letters have values: val{Oe) = and val{le) = 1. 
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A (0, n)-counter is a word from J7q . The value val{c) of a (0, ri)-counter c = ctq • • • Cn-i is defined 

as val{c) =' Yll=o 2* • val{ai). So the set of values val{c) of (0, n)-counters equals [0,2" — 1] = 
[0, Tower(l, n) — 1]. An (£, r7,)-countor with ^ > 1 is a word c ~ coCToCicti • • ■Cm'Jm, where m = 
To\Ner{£,n) — 1, each q is an {£ — l,n)-counter with val{ci) =- i, and <Ti G ]?£ for i e [0, m]. We 

define val{c) =' X)™ g 2* • val{ai). Observe that val{c) £ [0,Tower(£ + l,n) — 1] and the length of 
each {i, n)-counter is uniquely determined by I and n. We call an {i, n)-counter c zero if val{c) = 0, 
and ones if val{c) = Jower{£ + — 1. In the following wc write Q<i for Ijf^Q ^2,. When n is 
clear from the context, we may speak of an i-counter to mean an (£, n)-counter. 

3.2 Transductions 

A (real-time and non-erasing) transducer is a tuple T = {Q,qo, I],Y,S), where Q is a finite set 
of states, go S Q is an initial state, S and T arc finite alphabets, and 5 : Q x S ^ Q x is 
a transition function with output. We say that T is letter-to-letter if 6{q,a) G Q xT for each 
q G Q and each a £ S. We inductively extend 5 to the function 6* : Q x S* ^ Q x T* as follows: 
for each w G S* and a G S we set e) =^ £) and aw) =^ {q",uv) if o) = (g',w) 

def 

and (5* ((?',«;) = {q",v). We define the transduction fr '■ S* ^ T* of T as friw) = v, whenever 
d*{qo,w) = {q,v) for some q G Q. A transduction fx S* ^ T* is said to be letter-to-letter if T 

is. We define the size ofT as \T\ |Q| + \IJ\ + \T\-^Y.{H ■■qGQ,aG S,Siq,a) = {q',w)}. 
Given two transductions /i : iTjf — )• T* and f2 ■ ^2 ~^ ^* '^it^ Si f] = 0, we define their 

shuffte as /1II/2 : (A U S2)* inductively for each w € {^i U S2)* and each a G (I^i U 1^2) as 

follows: /i||/2(e) =' £ and /i||/2(a«;) =' Ma) ■ (fMw)) if a € Ui, for each z G {1, 2}. 

We note that from two given transducers Ti , T2 with transductions /^^ : S* ^ Y* and : 

-^T*, one can compute in time 0{\Ti \ ■ IT2I) a transducer T such that = /tiII/t2- 

We note that every non-erasing homomorphism is a transduction (witnessed by a single-state 

transducer). Having a transducer T, we will often write T for /t without risk of confusion. For 

w gT*, we denote hy S t-^ w the homomorphism h{a) =^ w for each a G S. 



3.3 Defender's forcing and Attacker's forcing 




For our reduction we will use Or-gadgets ("Defender's forcing") and And-gadgets ("Attacker's 
forcing") to express logical disjunction and conjunction with bisimulation. More precisely, we have 
the following lemma. 

Lemma 2 (see e.g. [7]). Consider the states and transitions in Figure 1 (a) or (h) as part of an 
LTS. The states ,s,s, may have incoming transitions, the states »t,t,, ,t' ,t',, may have outgoing 

transitions (not shown). Then we have for the gadgets in Figure 1: 

(a) for the Or-gadget: ,s ~ s, if and only ,t ~ t, or ,t' ~ t',; 
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(h) for the And-gadget: ,s ~ s, if and only ,t ^ t, and ^ i', . 

The lemma is easy to verify, see e.g. [7]. In terms of a Defender- Attacker game: In the Or-gadget 
Defender decides if the play continues in {,t,t,) or in {,t',t',), whereas in the And-gadget it is 
Attacker who decides this. 

3.4 Macro Rules 

We will construct a PDA with many control states and rules. In the interest of succinctness and 
readability we use macro rules that compactly represent a set of PDA transition rules with a 
certain role. For the rest of the section, fix a PDA V — {Q, F, Act, ^) with a, 5 e Act. 

Macro rules with one state on the left-hand side. For p,q G Q, a G F and ai • ■ G Act^ 
with i>l we write 

pa ' > q 

to denote that there are pi, . . . ,pi G Q with pa pi P2 ■ ■ ■ > Pe = q, and there are no other 
rules with pa on the left-hand side and no other rules involving pi, . . . ,Pe-i- 

For p,q £ Q and a regular language L C F* and a transduction T : F* ^ Act* we write 

pL ^ q 

to denote that V contains control states and rules described below. These rules make sure that 
when 7^ is in a configuration py for y G 7^*, then the shortest prefix w of y with w € L will be 
popped, and #T{w)ij^ will be read (where # e Act is a special action symbol), and the control 
state will be changed to q: if y does not have a prefix w with w E L, then y will be popped, 
and #T{y) will be output. This behaviour is the result of a product construction between the 
minimal deterministic finite automaton (DFA) accepting L and the transducer T. More precisely, 
let A = {QA,qQ,F,FA,SA) be the minimal DFA that accepts L, where Qa is the finite set of 
states, qQ G Qa is the initial state. Fa C Qa is the set of final states, 6a ■ Qa x F — >• Qa is the 
transition function. Assume T = {Qt, qo ■, F, Act, 6t)- Then V contains the control states Qa x Qt 
and the following rules: 

— P'^ 

— {q-^, q^) ^ q for each q"^ G Fa and each q^ G Qt', 

— for each a G F, each q^ G Qa \ Fa and each q"^ G Qt, where 5T{q^ , a) = {r'^ , w), we have the 
(macro) rule {q'^,q^)a ^ {5A{q'^,a),r^). 

There are no other rules with p on the left-hand side, and no other rules involving Qa x Qt- 

T 

lipL^ q and w € L but no proper prefix of w is in L, then we have in the LTS S{V) 

tor all a; G i : pwx — > sq — > s\ — > . . . — > se — > qx , (1) 

where the path is deterministic, T{'w) = ai ■ • ■ ai, and sq, ■ ■ ■ ,Si are configurations of V, i.e., states 
in SiV). 

We will need the following lemma, which shows how to compare two counters in terms of their 
images of two given transducers. For the statement of the lemma, recall the concept of counters 
and the alphabets fig from Section 3.1 and recall for each alphabet f2 and each word w we denote 
hy O w the homomorphism that maps every element from Q to w. 

Lemma 3. Let Ti,F2 : ^<£_|_i Act* be letter-to-letter transducers for some £ > 0. Let V = 
{Q,F,Act,^) be a PDA with {,p,p,,,q,q,,,r,r,} C Q, /2<£_|_i C F and the following macro 
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rules: 



,q[Q*^^_-^- Qi)* ■ Qi+i'^ ,r apply Tx 

q, Qi+i r, apply T2 

^ ^ Fh-^a pop two (-counters 



Fh^aa pop one (-counter 



and two Qe+i-symbols 
pop one (-counter 
and one i7e+i-symbol 



Let (Ti,(T2,cr3 G f^i+i, and let wi,u>2, be (-counters. 

(a) Assume xi,X2 S r* such that »rxi ~ r»X2- Then 

,qwiaiXi q,W2cr2X2 Ti{wiai) = T2{w2cr2) ■ 

(b) Assume x G F* such that ,rx ^ r,wiaix. Then 

,pWsasW2(T2WiaiX ~ p,W3asW2(T2Wl(TiX <S=^ Ti{wiai) = T2{W2(T2) ■ 

Proof. Part (a) is immediate from the definitions. For part (b) we have: 

,pw3azW2(J2Wiaix ~ p,W3,azW2<J2Wiaix 
<^=> »qwi(j\x ~ q,'W2(T2WiaiX by the first two rules 

■^=> Ti(wicri) = T2(w20'2) by part (a) 

□ 

Macro rules with a state pair on the left-hand side. In the following we assume that 
control states, i.e., the elements of Q, are of the form ,q and q». By we refer to the state pair 
{,q, g.) G Q^. Given w G F*, we write to denote that ,qw ~ q,w. 

For ai ■ ■ ■ € F^ with ^ > we write 

~^ o->- l^ai(T2 ■ • - cTe 

to denote that there are state pairs qq, . . . ,qe with Ijt = ~<t and 

*qe A ,qe-ia£, .gi A .qocri, ,qo A ,r and 
qe» A qt-i,ae, gi, A qo,ai, qo, A r,, 

and there are no other rules with ,g or q, on the left-hand side and no other rules involving 

qo, . ■ . , qi-i. With this macro rule we have 

for all X € r* : ~"^a; <^=> ~"r^cricr2 • • • aex . (2) 
For CTi , 0-2 G FU {e} we write 

Y o > {riai, r2<J2] 

to denote that Defender's forcing is implemented as described in Lemma 2 (a); i.e., in terms of 
Figure 1 (a) we have the state correspondences ,s = ,q and s, = q, and »t = .ritri and t, = ri.ai 
and ,t' = ,r2(T2 and t', = r2»(T2, the internal rules ,g A ui, . . . , g, A U3 and finally the push rules 

wi A .riCTi, . . . , Us 'A .r2cr2, as prescribed by Figure 1 (a). Intuitively, in a Defender- Attacker 
game, when the play is in a configuration {,qx, q,x) for x G F*, then Defender chooses whether the 
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game will be in (»riaix,ri»aix) or in {»r2cr2X,r2,»o'2x). In other words, we have iff '^rtaix 

or ~r20-2a;. We generalise this notation to sets: for {wi, . . . ,W(} C F* we also write 



t 




to denote that a sequence of Or-gadgets (Figure 1 (a)) is used to achieve 



for all x G r* : ^~^x 




(3) 




rewi} 

1 (b)) are used to achieve 



for all X € r* : 



(4) 



i=l 



4 The Construction 

We prove Theorem 1 by showing that PDA bisimilarity is fc-EXPSPACE-hard for all fc > 1. 

As the first step of our reduction we consider a problem on Icttcr-to-lcttcr transducers. A 
transducer machine is a triple T = {£,Ti,T2), where £ > 1, and Ti,T2 : {0, 1}* T* are letter- 
to-letter transducers. Given a transducer machine T we call z G {0, 1}^ a dead end if there is no 
z' E {0, 1}'' with Ti{z) = T2{z'). We say that T is deterministically terminating if there are t €N 
and words zq, . . . , € {0, 1}^ such that 



— for each Zi there is at most one z' € {0, 1}^ with Ti{zi) = T2{z'), 

— Ti{zi) = T2{z,+i) holds for all i G [0,t - 1], and 

— zt is a dead end. 

If T is deterministically terminating we define last(T) '= Zt- The first step of our reduction is 
applying the algorithm of the following proposition. 

Proposition 4. For each k > 1 there exists a k-EXPSPACE-complete language L C E* such 
that the following is computable in polynomial time: 
INPUT: w e Z"". 

OUTPUT: Transducers Ti, : {0, 1}* -)■ T* , where T = (Tower(A:, n), Ti, T2) is a determinis- 
tically terminating transducer machine and o^°'"*''('^'") is a dead end such that moreover 



Proof (sketch). Let us fix some k > 1. Let us first mention how the language L can be chosen. 
The following claim is a simple adaption of the linear speedup theorem, we refer the reader to [12] 
for details. 

Claim: For each fc > 1 there exists a deterministic Turing machine (DTM) A4 and some m G N 
such that the following holds: 

(1) m is the sum of the number of states of Ai plus the number of tape symbols of Ai. 



(3) For each n > we have 

(i) the DTM M has a unique accepting configuration and a unique rejecting configuration 
that both do not have any successor configuration on each input of length n and 



w€L if and only if \ast{T) = 0"^°"'"''('='") . 



(2) the DTM M is 



Tower(A;,n) 
n-\-m 



n space bounded for all but finitely many n gN. 
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(ii) the unique computation of on w either reaches the accepting or the rejecting configu- 
ration for each word w of length n. 
(4) The acceptance problem of M is complete for fc-EXPSPACE under polynomial time many-one 

reductions. 

Let us fix some k > 1 and some Turing machine A4 that satisfies points (1) to (4) of the above 

Claim for the rest of this proof. We define L =^ L{A4). Let us assume that the input alphabet 
oi M is S. Let us fix an input word w G S". We can assume without loss of generality that M 



IS 



Tower(fc,n) 



n+m "J ~ space bounded on input w (the other finitely many cases can be dealt with 

explicitly in our reduction). Recall that by Point (3) of the above Claim we have that Ai has a 
unique accepting configuration and a unique rejecting configuration, and that all computations 
of reach either the accepting or the rejecting configmation, and that the accepting and rejecting 
configurations have no successor configurations. In a first step, we modify At to a DTM ^4w so 
that Adyj started on the empty tape first writes w on the tape and then simulates A4 on w. We 
note that we can construct A4w in such a way that 

— Mw can be obtained from M by adding at most n additional states and corresponding tran- 
sitions that allow us to initially copy w onto the working tape, 

— the sum of the number of states of Aiw plus the number of tape symbols of is n + m. 



- Mw is 



Tovjer(k,n) 
n-\-m 



■ n + n 



-we L{M) if and only if £ G L{Mw)- 



Tower(k.n 
n-\-m 



■J space bounded and 



Fix a binary encoding enc of configurations so that each tape symbol and each pair consisting 

of a state and a tape symbol of Aiw can be (injectively) encoded by a binary string of length n + m. 
We extend this encoding to configurations of by mapping each configuration c (injectively) to 
a string enc(c) G {0, 1}^ where £ = Tower(fc, n). Moreover we assume that the initial configuration 
of A4w (with empty tape) is encoded by 1^ and that the (unique) accepting configuration of A4w 
is encoded by 0^. It remains to argue that one can construct transducers Ti,T2 : {0, 1}* T* so 
that 

(*) for all configurations c, c' of A4w we have Ti(enc(c)) = T2{enc{c')) if and only if c' is a successor 
configuration (i.e., the unique one) of c. 

For establishing (*), the idea is to construct Ti,T2 so that if c is a configuration of A^u> then 
Ti(enc(c)) is an encoding of c', where c' is the successor configuration of c, and T2{enc{c)) is an 
encoding of c. The most straightforward implementation of this idea would be to let Ti{enc{c)) = 
enc(c') and T2(enc(c)) = enc(c). However, this cannot be easily done, if at all, loosely speaking 
because the read- write head of may move in the direction "opposite" to the transducers so 
that the transducer Ti would have to "guess" where the read-write head is before it actually sees 
it. Therefore, we construct T1. T2 so that their output is "delayed" by a few steps: Transducer 
Ti remembers in its finite control the last few bits of the encoded tape and outputs the bits of 
the encoding of the successor configuration only after T\ can be sure about them. Transducer T2 
does not compute the successor configuration, but only re-encodes the encoded configuration, and 
outputs the bits of the new encoding in a similarly delayed way as Ti. Since transducers need to 
output a single symbol per step, the transducers Ti,T2 output a dummy symbol in the first few 
steps. At the end they need to output a single symbol containing the last few bits of the new 
encoding. As a consequence the alphabet T cannot be (easily) taken to be binary; thus we simply 
choose T sufficiently large for this to work. □ 

Let us fix some fc > 1 for the rest of this section and let us fix the fc-EXPSPACE complete 
language L C E* that satisfies Proposition 4. Moreover let w € 17" be a word. Our overall goal is 
to compute from w in polynomial time a PDA and two of its configurations that are bisimilar if 
and only if w) G L. As an intermediate step, let us fix for the rest of this section the output (Ti, T2) 
of the algorithm of Proposition 4 on input w, and let T = (Tower(fc, n), Ti, T2). In the rest of the 
section we will show how to compute from Ti,T2 and n in time polynomial in |Ti| -|- IT2I + n a 
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PDA V = (Q, n, Act, so that we have ~(start) in S{V) if and only if last(r) = oT"™^^^^'") holds 
in T, where .(start) and (start), will be control states of V. We recall that fc is a fixed constant. 
Let 

B =^{start, stop^, testDcQ, testDec], ones^, ones], decOk^, zero^, zero], deQ, dec], deco ' , 

fin, testFin, popAII, next, next^, tran, testTran, testTran^ \ Q < i <k + 2, l<i<n}U Bi^pi 

be a set of "basic symbols" that we use to construct the control states Q. The set Bimpi contains 
further (implicit) symbols that are needed to implement macro rules. In the following we regard 

each element of B as a sing le symbol (of length 1). Define Q = n<k+u Act = {0, 1, #, a, b} y T, 

Q = ,BU B„ where ,B {.(a) \ a £ B* , 1 < |a| < fc + 2} and similarly B, {(a). | a G 
B*, 1 < |q;| < fc + 2}. For instance, we have ,(deCfc_i onesfc) G Q. We will use (5 to indicate an 

arbitrary word a G B* with 1 <\a\ <.k + 1. 

This section is organised as follows. In Section 4.1 we show how we can implement a bisimulation 
(sub-)game in (S('P) that allows us to test whether two ^-counters have consecutive values for each 
£ > 0. In Section 4.2 wc show how wc can implement a bisimulation (sub-)gamc in S{'P) that 
allows Defender to push an ^-counter onto the stack for each £ > 0. We conclude our reduction in 
Section 4.3. 

4.1 Checking Counters for Consecutive Values 

For each i e [0,fc] we include control states ,(stop^), (stop^), such that for all x £ Q* and all 
a e fit+\ and all ^-counters w we have 

,(stop^)a; ~ {sto'pi),wax (5) 

This is easily achieved, for instance by including no rules with ,(stop^) or (stop^), on the left-hand 
side. 

We need to be able to verify whether two counters (at convenient positions) on the stack have 
consecutive values. To this end we include rules such that the following statement holds: 

Lemma 5. Let x e f2* , and ai,a2,(J3 € i^^+i, and let wi,W2,W3 be i-counters. Then 
'^{testDecJ)'W3a3W2(T2Wiaix iff val{wi) = val{w2) + 1. 

Let T^°,T^^ : {f2i U f2i+i)* {0,1, a, 6}* be the transducers depicted in Figure 2. 
Transducers T^^,T^^ interpret the input word over as a number in binary, with the least 




Fig. 2. Transducers T+° and T/^ 



significant bit read first. Transducer T^'^ copies the number and outputs a upon reading an fii+i- 
symbol. Transducer T^"^ attempts to increase the number by 1 and output a upon reading an 
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i7^+i-synibol, but it outputs b if the input number consisted only of Is. If wi,W2 are ^-counters 
and CTi,cr2 € ^e+i, then we have: 



(r+°||%,_i ^ a){wiai) = (r+i||%^_i ^ a){w2a2) 

(o) 

iff val{wi) = val{w2) + 1 



Transducers T/'^,T/^ are used in the following rules. 



.(testDec^) (^2<^_i • /?^) • f^e+i ' = > .(stop^) 

(testDec^), (/?<£_i • ^e) ■ f^e+i ' > (stopi), 

,(testDeQ)f2<^ • f2i+i ■ n% ■ fli+i .(testDec^) 
(testDeQ),i7<^ • f^t+i JI^^ (testDec]). 

Proof (of Lemma 5). By (5) we can apply Lemma 3 (b). Hence we have: 

~ (testDec^ W3 C73 ti;2 (72 wi (Ti a; 
<^ (T+°||%^_i ^ a){wiai) = (T+^||%^_i ^ a){w2a2) by Lemma 3 (b) 

<^=^ vallwi) = val{w2) + 1 by (6) 



□ 



4.2 Building Counters 



In the lemmas below we will make statements about properties of S{V) if we include certain rules 
to V. For better readability, we will state the properties before we list the rules. 

Lemma 6 below demonstrates how to construct large counters. Recall that we use (3 to indicate 
an arbitrary word from B* with length between 1 and k + 1. We include rules such that the 
following holds: 



Lemma 6. Let I G [0, k], and x G O* , and a,T G f^e+i, o-nd v, w be (.-counters. 



(a) Then ~(ones^ j3)x iff '^{j3)wx, where w is the ones i-counter. 

(b) Then ~(decOk£ p]vawTX iff val{v) + 1 = val{w) and '^{^vawrx. 

( c) Then ~(zero^ ^uwtx iff val{w) = 1 and ^J^vawrx, where v is the (-counter with val{v) = 0. 

(d) Then ~(deQ P^awrx iffval{w) ^ and rS(^vawTX, where v is the (-counter with + l = 
val{w). 



The following rules for the special case £ = are included. 
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(oneso H) {^IZ 
(decOko McAjcel, 

(testDeco^O^Oi | 

(zeroo /3) ^ (decOko^OJ^ 



(deco /3) ^ |(decW/3)0o,(decW/3)lo 
VI < i < n : (de4')/3) |(d^4^+^0o, (d^^^+^lo 



(de4"^/3) o^. (decOko 



push a ones O-counter 

believe that the values of the 

top two 0-counters differ by 1 

OR challenge that claim by 

invoking testDeco 

push a zero O-counter and check 

if it is over a O-counter with value 1 

push the first bit of the 
decremented O-counter 

push the {i + 1)"* bit of the 
decremented O-counter 

verify if the O-counter has been 
correctly decremented 



The following rules are included for 1 < £ < fc. 



(ones£ fi) (ones£_i ones^ I3)\i 

1 — ^ ( 1 — ^ 

(ones^ /?) o — y |(deQ_i ones^ l3)li, 

(zero^_i ^^1^1 
(decOk, p]^\J^, 



{onese testDeQ^O^+i | 



zeroi /3} (ones£_i zero^ f3)Qf 



(zero] p) 



(dec, /?: 

(dec] 



Def 

Def 

Def 



|(dec,_i zero] I3)0e, 

(zero^_i decOk, /jjo^} 

f 1 — 

< (oneSf_i dec£ /3)fT | a € 

|(decf_i dec] /3)(j, 



(zero^_i decOk^ (3)a I a G 



push l£ and a ones {£ — l)-counter 
push and a decremented {i — l)-counter 

OR push 1( and a zero {£ — l)-counter 

believe that the values of the 

top two ^-counters differ by 1 
OR challenge that claim by 
invoking testDec^ 

push Oi and a ones {£ — l)-counter 
push and a deer. {£ — l)-counter 
OR push 0^ and a zero {£ — l)-counter 
push from and a ones {£ — l)-counter 
push from and a deer. {£ — l)-counter 
OR push from and a zero {£ — l)-counter 



Proof (of Lemma 6). The proof is by induction on £. 
Induction base. 

Case (a) immediately follows from the rule for (oneso P\ 

For part (b) we have: 
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■'(decOko PjvawTX 



^(testDeco)OoOi?;(Twra; and ^(f3)vawTX (rule for (decOko/3)) 
val{v) + 1 = val(w) and ^Ij^^vawrx (Lemma 5) 



For part (c) we have: 



(zeroo P)awTX 



'^(decOko)OQO-ii;TX (rule for (zeroo^S) and part (b)) 

i'a/(Oo) + 1 = val{w) and ^Jj^vawTx (Lemma 5) 

val{w) = 1 and ^JjS^vawTX, where 
V is the 0-counter with val{v) = 



For part (d) we have: 



^(deco /?! 



3v G J7q : ~(decOko f3)vawTX (rules for (deco /3) and (de 



<=^ 3v e : val{v) + 1 = val{w) and ^{P)vawTX (part (b)) 

val{w) ^ and ^Jj^^vawrx, where v 
is the ^-counter with val{v) + 1 = val{w) 

Induction step. In the following let £ G [0, fc — 1], let a; G i?*, let a,T € f2i+2 and let v,w be 

{£ + l)-counters. Let m Tower(n,^ + 1) — 1. We write Cj for the ^-counter with val{ci) = i for 
each i e [0, m]. 

For part (a) we obtain the following equivalences: 



-(ones^+i I3)x 



~(ones^ ones|_,_i li)li+\x 

y 

~(ones^+i j3)cm'^t+xx 

> 

~(deQ ones^+i l3)le+iCmh+ix 



or ~(zero^ p)le+iCmU+ix 



(rule for (ones^+i 
(ind. hyp. on (a)) 



(rule for (ones]_,_i 

(ind. hyp. on (d),(c),m > 1) 



Further we have 



-(deQ ones]_,_i /3)l^+iCi • • • li+iCmh+ix 



or ~(zerof p)le+ici ■ ■ ■ le+iCm^e+ix 



~(ones^+i /3)col£+i • • • c^h+ix 
or col£+i • ■ • le+iCmle+i x 



ones + l)-counter 



■'(ones]_|_i /3)col£+i ■ ■ ■ Cmle+ix 

-(dec£ ones]^;^ ^)l£+icol£+i • • • c^l^+ia; 



or ~(zero^ /3)l^+iCol^+i • • • c^l^+ia; 
false 



(ind. hyp. on (d)) 
(ind. hyp. on (c)) 



(rule for (ones]_,_j 
(ind. hyp. on (d),(c)) 
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Combining this with the equivalences above yields part (a) for £ + 1. 
For part (b) we obtain the following equivalences: 



^(decOk^+i (3]vawTX <^=^ ^J^vawrx 

and ~(ones^+itestDec£+ijo^+2fcrw;ra; (rule for (decOk^+i fi]) 

<^=^ r-jJp^vawTx and '^{testDec£^i)w'0£-i-2V(JWTx 

where w' is the ones {£ + l)-countcr (part (a)) 

4=> ^{P^vawTX and val{w) = val{v) + 1 (Lemma 5) 



For part (c) we obtain the following equivalences: 



^(zero^+i/3)(TtWTa; 



^(ones^zero]_|_i j3)Q(,+\awTX 
> 

-(zero^+i P)cm^i+-i_awTX 
■'(deQzero]_,_i l3)0i+iCm^t.+i(jWTX 



(rule for (zero^+i 
(ind. hyp. on (a)) 



or ~(zero^decOk£+i /3)0^+ic„0^+i(jwtx 

~(zero]_,_l (})Cm-l^t+lCmQl+lCrWTX 



(rule for (zero^^j^ p)) 

(ind. hyp. on (d),(c) and m > 1)) 



-(deQzero]^;^ l3)Qi+iCi ■ ■ ■ Og+iCm^i+ic 



or ~(zero^decOk£+i j3)0i+iCi ■ ■ ■ Qi+iCm^i+iawTX 



-(zero^+i l3)coQi+iCi ■ ■ ■ Qt+ic„fit+i<ywTx 



or ~(decOk£+i /3)coO£+ici • • -Qi+iCmQi+KTvoTX 



(ind. hyp. on (d),(c)) 



~{zero|+i /3)coOf+iCi • ■ -Qt+iCmQi+icrwTX 

or (~(^ cqO^+iCi • • • awTX and val{w) = 1 (part (b)) 

^ V ' 

zero {I + l)-counter 



Further we have 



~(zero]_,_i l3)coOi+iCi ■ ■ ■ Oe+iCmOe+io-WTX 

> 

~(deQ zero^_,_i /3)0^+ico0^+ici ■ ■ -Oe+iCmOe+icrwTX 

or ~(zero£decOk^+i ^^O^+iCqO^+iCi • ■ • O^+ic^O^+iCTwra; (rule for {zero}^-^ 13)) 

false (ind. hyp. on (d),(c)) 



Combining this with the equivalences above yields part (c) for ^ + 1. 
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For part (d) we obtain the following equivalences: 
^{deci+xl^awTX <^=^ BcTm G i^t+i ■ ~(ones£dec£_,_i l3)amcrwTX (rule for (deQ+i p]) 



3am G ^e+i ■ ~(dec]+i P)Cm(Tm'^WTX (ind. hyp. on (a)) 

3<Tto_i,0-to e : 



~(deQdec]_,_l P)am-lCmO-rnO-WTX 

or ~(zero£decOk^+i ^^cTm-iCTOCTTOCTwra; (rule for (dec]_|_i 

3<Tto_i,0-to e : 
7 > 

~(dec£_,_i ^)cm_icrTO_iCTOO-TOcr«;ra; (ind. hyp. on (d),(c),m 

3ai,. . .,am ^ ^e+i ■ 
> 

~(deC^_,_l /3)ciCri • ■ • CmCTmCrWTX 



-(deQdec]_,_i P)aoCiai ■ ■ ■ CmO-mcrwrx 

3r ~(zero£decOk^+i p]aoCiai ■ ■ ■ Cmcrmf^WTX (rule for (dec]_|_i)) 



3(70,..., Cm e ^e+i ■ 



-(deQdec]_,_i/3)o-oCicri • • • CmO-mO-wrx 



or ~(decOk£_|_i /3)co<ToCicri ■ • ■ Cm'^m'^WTX (ind. hyp. on (c) 
30-o,...,crm G ^2^+1 : 



~(deQdec]_|_i/3)croCiCri • ■ • CmCmf^WTX 
or (^(^CoCroClCri • • • Cm(Jm(^WTX 

and val{w) = val{coao ■ ■ ■ CmCTm) + 1) (*) 

(ind. hyp. on (b)) 



Further we have for all ctq, . . . , <Tm € O^+i: 



(dec^+i /3}cocroCicri • • • CmCrm<ywTX (ind. hyp. on (d)) 



3cr_i e 17^+1 : ~(deQdec]_|_i/3)(T_iCocroCia-i ■ ■■CmCrm'^WTX 



or ~(zero^decOk£-|-i Pja-icoaociai ■ ■ ■ CmCmf^WTX 
<^=^ false (ind. hyp. on (d),(c)) 

Hence (★) is equivalent to 

3(70, . . . , (7„i e (2i+i : ~(^coc7oCiC7i • • • Cm<JmCrwTX and val{w) = val{coao ■ ■ ■ CmCTm) + 1 
which is in turn equivalent to 

val{w) 7^ and ^J^vawrx, where v is the ^-counter with val{v) + 1 = val{'w), 
which shows part (d) for f + 1. □ 
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4.3 Simulating a Transducer Machine 

Returning to our overall reduction, let us recall we have fixed a deterministically terminating 
transducer machine T = (Tower(/;;, n), Ti, T2) with respect to which Q^°^^'ik,n) jg dead end, i.e. 
we have the following in total: 

- Ti,T2 : {0, 1}* T* are letter-to-letter transducers, 

- for each z G {0, l}Tower(fe,n) ^^^^^ ^^^^ ^, ^^^j^ j,^^^-^ ^ T2(z'), 

- assume zo,...,zt S {Q, l}T°wer(fc,n) s^ch that zo = lTower(fc,n) ^ T^^Zi+x) for cach 

def 

i e [0,f — 1], and Zt is a dead end (we defined last(T) = -Zt)) and 

- o'r°"'^''('='") is a dead end with respect to T. 

We include rules so that ~ (start) holds if and only if last(7^ = o^°™^''('^'"'\ thus completing 
our reduction. The PDA V will be able to push zo,Zi,... on the stack, where each word Zi is 
encoded as a fc-counter, say di, in the obvious way: Zi = r]{di) where r] : f2* ^ {2^ denotes 
the homomorphism with r]{a) = cr for tr € J7fe and T]{a) = e otherwise. We emphasize that in 
comparison to the coimtcrs that were present in the proof of Lemma 6 for each i G [0, t] we do not 
generally have val{di) = i: Instead we have Zi = r]{di), in particular the sequence zq,. . . ,Zt and 
thus the sequence do,. . . ,dt is determined. The di will be separated on the stack by the symbol 
$ = Ofe+i. We include rules such that the following holds: 

Lemma 7. Let x G f2* and let 'Wi,W2,W3 be k-counters. 

(a) Then ~ (testFin)w i$a; iffrjiwi) = oT°"'«'-('='") . 

(b) Then ^ (testT ranjw3$W2$wi$a: iff Ti{r]{wi)) = T2{r]{w2)) ■ 

(c) Then -(start) iff zt = oT°»^'-('='") . 

For Lemma 7 we include the following rules: 

push $ and the encoded zq 

test 0"r°"'^^('=^") OR do the next z, 
rule a la Lemma 3 (a) to test o"^"™^''**^' 
rule a la Lemma 3 (a) to test o"r°™^''('=' 
for all oj G ^2: Erase stack content 
for all u e f2: Erase stack content 
choose the next Zi 



test whether new Zi is ok 
OR continue 

rule a la Lemma 3 
rule a la Lemma 3 

rule a la Lemma 3 for Ti 
rule a la Lemma 3 for T2 



start) &-> (onesfc fin 



(finj o — U {(testFin), (next 
.(testFin) (r2^fe_if2fc)* $ -^'"^^^ " .(popAII) 
(testFin). {n*<k_,ilk)* $ (popAII). 

,(popAII)(x; A .(popAII) 
(popAII), A (popAII), 

(next) o— ^ |(oneSfe_i next^)o- | cr G 

Def ( 7^ 

(next ) o — >■ < (decfe_i next )cr, 

(zerofe-i tranja | cr G 
(tran) |(onesfe testTranj$, 

,(testTran)l2^;t$^<fe$ '^^^ ,(testTran^) 
(testTran),/2<j.$ cft^^ (testTran^), 

.(testTran") (i7<fe_ii7fe) ^ ,(stopfe) 

(testTran^), (I2<fc_il2fc) $ ' > (stopfc). 
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Proof (of Lemma 7). Parts (a) and (b) are simple consequences of the above rules and Lemma 3 
(a) and (b), respectively. For part (c) we have: 



(start) <S==^ ^(fin)c?o$ rule for (start) and Lemma 6 (a) 



rj{do) = 0'r°™^('='") or ~(next)$do$ rule for (fin) and part (a) 



By the rules for (next) and (next^) and reasoning as in Lemma 6 we have 



(next)$do$ <^=^ there is a fc-counter wi with ~(tran)u'i$do$- 



By the rules for (tran) and part (b) we have 



'~(tran)t«i$rfo$ wi = di and ~(fin)wi$do$- 

It follows that: 



'~(next)$do$ ~(fin)(ii$do$ 

<^ r,{di) = oT°™«'-('='") or ~(next)$cZi$do$ rule for (fii^ and part (a) 

Combining this with the equivalences above we obtain: 

-(start) ^ V = 0^™"^'''"^ ~(next)$di$do$ 

i=0 

By iterating this reasoning, we obtain: 

t 



start) ^ V = 0'r°"'^''('='") or ~(next)$dt$rft_i$ • • • rfo$ 



i=0 
t 



Y ^. = 0T°'"^^('='") or ~(next)$dt$rft_i$---rfo$ 



1=0 

■^Tower(fc,n) 



^ 24 = 0'™"^^'='"^ or ~(next)$dt$dt_i$---do$, 

where the last equivalence follows from the fact that 0^°™^''('^'") is a dead end. By reasoning as 
above we have: 



^(next)$dt$ • • • doS there is a /c-counter w with ~(tran)^^;$c^^$ • • • do3 

=^ T,{rj{dt))=T2{v{w)) , 



which is false, by definition of t. We conclude that ~(start) holds iff Zt = 0^'^^'('',n) □ 
By Lemma 7 (c) we have completed the reduction, and hence the proof of Theorem 1. 

4.4 Normedness 

We can strengthen Theorem 1. Given a PDA V with control state set Q, we say a state s of S{'P) 
is normed if every state t that is reachable from s can reach some deadlock t', where t' = q for 
some q € Q (i.e. the stack is empty). 

Theorem 8. PDA bisimilarity for is nonelementary, even when the initial states are normed. 
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Proof. Recall that (5) requires for x G S7* and a G f^e+i and ^-counters w that we have 

,(stop£)x ~ (stop^), Ultra; . 

We satisfied this by not giving any rules for .(stopf) and (stop^),, thus creating deadlocks. Thus 
we allowed to reach states that are not normed. We show that the construction can be amended 
to avoid the latter. Assume that x = w'a'x' holds for an ^-counter w' , a' G fit+i and x' € fi* . 
Add the following rules: 

,(stop£)i7<^i?^+i ' .(popAII) 
(stop£),l2<£l2£+il2<^r2^+i '^^°') (popAII), 

and recall that rules for . (popAII) and (popAII), were given previously. Intuitively, w'a' is popped off 
the left stack with "half" speed, while waw'a' is popped off the right stack with "full" speed. After- 
wards the stacks arc of equal height and can be fully erased. Now (5) is satisfied, and these states arc 
normed. For the latter fact, observe all reachable stacks are of the form ((. . . ((J7q]7i)*]72)* • • •)*$)* 
and , (popAII) or (popAII), is always reachable. The only remaining problem is to guarantee that, 
whenever we require ,{stopi)x ~ {stopi) twax, x is indeed prefixed by w'a'. Note that stop^ is 
introduced in the rule for testTran and other occurrences of stop^ are used in the counter-related 
rules based on testDeQ. Consequently, if the above requirement is not already satisfied, w must 
be the ones ^-counter. To prevent this from happening, for testTran we shall add an extra ones 
fc-counter at the beginning of the simulations. For testDec, we shall eliminate the need for decre- 
ment tests involving ones counters by introducing a new symbol zOnes that will correspond to the 
predecessor of a ones counter. 

This can be achieved by the following modifications: 



Replace (start) o-^ (ones/c fin)$ with (start) o->- (onesfe start'')$ and (start°) o-^ (onesfc fin)$; 
i.e., push one additional ones fc-counter and $ in the beginning. 

Extend B by symbols zOnes^ with £ G [0, fc + 2], whose role is to push an ^-counter w with 
val{w) = Tower(i? + 1, n) — 2. (This vaj^uc is one less than the value of a ones ^-counter.) 



Replace (ones^ (3) (ones£_i ones^^ /3)l£ with 



(ones£ 13} (ones^-i ones£ 0)le and add 
(ones° (3) o-^ (zOnes^_i ones^ /3)l£- 



Similarly, replace (deQ p:] o— ^ |(ones£_i dec| I3)a \ a G with 

(dec£ p] o— ^ |(ones£_i dec° f3)a \ a G and add 

(dec^ p) {(zOnes^-i dec] p)a | a e Z^^} . 



Similarly, replace (zero£ (3) o-^ (ones£_i zero] /3)0^ with 

(zero£ p] o->- (ones£_i zero° /3)0£ and add 

a — ^ ^ ^ 

(zero" P) o->- (zOnes^_i zero] /3)0^ . 

— For (.>! add the following rules: 

(zOnes^ p\ o->- (ones£_i zOnes° ^)1^ 

a — ^ — ^ 

(zOnes? P) CM- (zOnes£_i zOnes] p)lt 

(zOnes] P) ^ |(deQ_i zOnes] p)li, (zero^_i P)Qt^ 



Finally, add (zOneso P) {P)%lo 
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By these modifications, whenever we require ,(stopf)x ~ (stop^),u'c7a; in our proofs, the word x 
will start with an ^-counter and an ]?^+i-symbol. □ 
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